service: prevent NPE in VerifyTokenSignature function

This commit adds next changes to VerifyTokenSignature:

  * returns ErrEmptyToken on nil token argument;

  * returns ErrEmptyPublicKey on nil public key argument.

service/token.go

@@ -203,7 +203,16 @@ func SignToken(token SessionToken, key *ecdsa.PrivateKey) error {
 }
 
 // VerifyTokenSignature checks if token was signed correctly.
+//
+// If passed token is nil, ErrEmptyToken returns.
+// If passed public key is nil, crypto.ErrEmptyPublicKey returns.
 func VerifyTokenSignature(token SessionToken, key *ecdsa.PublicKey) error {
+	if token == nil {
+		return ErrEmptyToken
+	} else if key == nil {
+		return crypto.ErrEmptyPublicKey
+	}
+
 	return crypto.Verify(
 		key,
 		verificationTokenData(token),

service/token_test.go

@@ -96,6 +96,11 @@ func TestSignToken(t *testing.T) {
 		ErrEmptyToken.Error(),
 	)
 
+	require.EqualError(t,
+		VerifyTokenSignature(nil, nil),
+		ErrEmptyToken.Error(),
+	)
+
 	var token SessionToken = new(Token)
 
 	// nil key
@@ -104,6 +109,11 @@ func TestSignToken(t *testing.T) {
 		crypto.ErrEmptyPrivateKey.Error(),
 	)
 
+	require.EqualError(t,
+		VerifyTokenSignature(token, nil),
+		crypto.ErrEmptyPublicKey.Error(),
+	)
+
 	// create private key for signing
 	sk := test.DecodeKey(0)
 	pk := &sk.PublicKey